Browse Source

Prevented weird number stuff

master
Archie 2 months ago
parent
commit
0ddee3770d
1 changed files with 7 additions and 11 deletions
  1. +7
    -11
      src/pages/api/profile.js

+ 7
- 11
src/pages/api/profile.js View File

@ -10,23 +10,19 @@ export default async (req, res) => {
if (typeof req.body.tag !== "string" || typeof req.body.nickname !== "string")
return res.status(400).json({ err: "badRequest" });
const { tag } = req.body;
const tag = Number(req.body.tag);
const nickname = req.body.nickname.trim();
if (
tag.length !== 4 ||
isNaN(tag) ||
Number(tag) < 1 ||
Number(tag) > 9999 ||
!Number.isInteger(Number(tag))
)
if (isNaN(tag) || tag < 1 || tag > 9999 || !Number.isInteger(tag))
return res.status(400).json({ err: "profile.tag.invalid" });
const tagString = "0".repeat(4 - tag.toString().length) + tag.toString();
if (nickname.length < 1)
return res.status(400).json({ err: "profile.nickname.tooShort" });
if (nickname.length > config.maxNicknameLength)
return res.status(400).json({ err: "profile.nickname.tooLong" });
if (tag !== user.tag && !user.plus)
if (tagString !== user.tag && !user.plus)
return res.status(400).json({ err: "plusOnly" });
// Avoid name#tag conflicts
@ -35,7 +31,7 @@ export default async (req, res) => {
await axios.get(
`${process.env.NEXUS_URI}/nametag?name=${encodeURIComponent(
user.name
)}&tag=${encodeURIComponent(tag)}`,
)}&tag=${encodeURIComponent(tagString)}`,
{
auth: {
username: process.env.NEXUS_ID,
@ -56,7 +52,7 @@ export default async (req, res) => {
`${process.env.NEXUS_URI}/users/${user.id}`,
{
nickname,
tag,
tag: tagString,
},
{
auth: {

Loading…
Cancel
Save